Please join MedPower and NetDiligence® for an hour you can’t afford to miss. Anahi Santiago, chief information security officer at Christiana Care Health System will guide you through the steps necessary to safe guard your organization from what hackers have in store for 2018. Vinny Sakore, chief technology officer at NetDiligence will discuss the importance of data breach planning and how it can help you minimize the negative effects of a breach on your organization. Register now!

… the consumer data industry is now grappling with after a discovery that Irvine marketing and analytics company Alteryx Inc. accidentally made public a file that contained the personal information of 123 million American households. (The U.S. has 126 million households in all, according to the Census Bureau.) The database contained information across 248 categories, including addresses, phone numbers, mortgage ownership, age, ethnicity and personal interests such as whether a person is a dog or cat enthusiast. The data did not include people’s names, Social Security numbers, credit card information or passwords. Click to read entire article.

Auto giant Nissan confirmed that its Canadian branch has been hit by hackers. Although the details of the breach are still murky, Nissan says that the hack may have impacted all of its current and past customers – around 1.13 million people. Click to read entire article.

RETAIL

Study: Majority of retailers lack data breach response plan

Only 28% of retailers said they have a fully tested plan in place in the event of a security breach. Meanwhile, 21% said their organization doesn’t have a plan at all, or the means to notify customers of a data breach within 72 hours (21%) — a requirement specified by the General Data Protection Regulation (GDPR), according to a new study from Tripwire. Click to read entire article.

HEALTHCARE

—SETTLEMENT ALERT—

MA Reaches Settlement Following Medicaid Data Breach

New Hampshire-based Multi-State Billing Services (MSB) must pay $100,000 and improve its security practices per a consent judgment from the Massachusetts attorney general’s office. The settlement stems from a Medicaid data breach where 2,600 children had some of their information exposed. Click to read entire article.

Possible data breach at Colorado Mental Health Institute in Pueblo

The Colorado Mental Health Institute at Pueblo is notifying the public and patients of a potential data breach. In a news release, the agency said on November 1st a staff member unintentionally allowed access to a state-issued computer through a phishing scam. Click to read entire article.

Banner Health Class Action Claims Survive Motion to Dismiss

Wednesday, a federal district court in Arizona denied in part and granted in part Banner Health’s motion to dismiss class action claims arising from a 2016 data breach. Click to read entire article.

HIGHER EDUCATION

UNC Health Warns 24,000 Patients of Potential Data Breach

The personal records of as many as 24,000 UNC Health patients could be compromised after the theft of a laptop computer at an outpatient dermatology clinic. Click to read entire article.

Following a pair of data breaches that exposed highly sensitive student and employee information, the chief digital officer at Stanford University’s Graduate School of Business has reportedly stepped down. Click to read entire article.

PUBLIC ENTITY

Oklahoma alerts 47,000 clients about data breach for the 2nd time

The Oklahoma Department of Human Services is notifying 47,000 clients their records may have been breached — and it’s the second breach notification about the same incident because DHS neglected to alert the U.S. Department of Health and Human Services the first time. Click to read entire article.

FDL Water Bill Online Payment System Taken Down After Breach

The City of Fond du Lac water bill online payment system has been taken down until it can be rebuilt. Fond du Lac Credit Union officials reached out to the City after noticing some credit card customers were victims of fraudulent purchases. Click to read entire article.

Hackers breached the county’s servers last week and held files for ransom. The cybercriminals, believed to be from Ukraine or Iran, froze 48 of the county’s 500 servers. Click to read entire article.

UTILITIES

Data breach affects about 375,000 people who paid Duke Energy bills using cash or checks at walk-in sites

Duke Energy said Tuesday that a computer data breach potentially affects those who paid bills at one of the company’s 550 authorized walk-in payment centers between 2008 and 2017. Nearly 375,000 customers in the Carolinas may be affected. Click to read entire article.

Hacking of Connecticut Utility Company Exposes As Many As 52,000 Customers’ Information

The information of 52,000 people that may have been exposed includes payment card information, bank account information, Social Security and other government identification numbers, account usernames and passwords. Click to read entire article.

CANADA

—CLASS ACTION SETTLEMENT ALERT—

Ottawa to pay $17.5M to settle student loan privacy breach lawsuit

The federal government will pay at least $17.5 million to settle a class action lawsuit filed after a major privacy breach involving about 583,000 student loan recipients. Click to read entire article.

PayPal has acknowledged that TIO, the Canadian payments processing company that it acquired in July 2017 has suffered a data breach that compromised the information of up to 1.6 million users. TIO processes utility and other bill payments and has over 60,000 kiosks in North America. Click to read entire article.

EUROPE / UK

UK Ruling On Business Held Liable For Data Breach

A UK High Court has held a company liable for the actions of an employee that leaked employee data in an attempt to harm the employer. This is a precedent setting case as it was not found that the company itself was at fault for handling their data. With the onset of GDPR next year, this ruling could signal the way the court would rule in other cases regarding data breaches. Click to read entire article.

Data breach at St Canices Credit Union in Kilkenny

St Canices Credit Union has notified the Data Protection Commisioner and the Central Bank of Ireland after a small number of members inadvertently received account information relating to other members. Click to read entire article.

ASIA/PACIFIC

Security firm Sisa alerts banks on malware attack

Payment security firm Sisa has issued an advisory to all banks and payment processors after it discovered that hackers had managed to insert malicious software into the payment switch server of an unnamed bank. Click to read entire article.

Personal data of 80,000 people may have been leaked from Osaka Univ.

Osaka University said Wednesday that personal data of around 80,000 students, graduates, staff, former workers and others may have been stolen by hackers. Click to read entire article.